From owner-freebsd-security  Sat Sep  4 17: 8:26 1999
Delivered-To: freebsd-security@freebsd.org
Received: from janus.syracuse.net (janus.syracuse.net [205.232.47.15])
	by hub.freebsd.org (Postfix) with ESMTP id 0944414DFF
	for <freebsd-security@FreeBSD.org>; Sat,  4 Sep 1999 17:08:23 -0700 (PDT)
	(envelope-from green@FreeBSD.org)
Received: from localhost (green@localhost)
	by janus.syracuse.net (8.9.3/8.8.7) with ESMTP id UAA78039;
	Sat, 4 Sep 1999 20:07:17 -0400 (EDT)
X-Authentication-Warning: janus.syracuse.net: green owned process doing -bs
Date: Sat, 4 Sep 1999 20:07:17 -0400 (EDT)
From: "Brian F. Feldman" <green@FreeBSD.org>
X-Sender: green@janus.syracuse.net
To: Mike Tancsa <mike@sentex.net>
Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>,
	freebsd-security@FreeBSD.org
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To: <4.1.19990901191051.04e80570@granite.sentex.ca>
Message-ID: <Pine.BSF.4.10.9909042006200.76486-100000@janus.syracuse.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 1 Sep 1999, Mike Tancsa wrote:

> >We have known for some time that the problem originally described
> >exists, but developing an acceptable solution has been a challenge.
> >Now that sockets carry around user credentials, it may perhaps not be
> >as difficult as it used to be.
> >
> >What needs to be done is to impose a per-UID resource limit on the
> >amount of socket buffer space available.
> 
> 
> Do you think these changes would be incorporated into the 3.x branch, or
> strictly 4.x ?

Both. The basis necessary (so_cred) is in both, but I need to change it
to a ucred (it really should be a ucred, not a pcred.) That change is
one of the changes I've made in my diffs I posted an address to.

> 
> 	---Mike
> **********************************************************************
> Mike Tancsa, Network Admin        *  mike@sentex.net
> Sentex Communications Corp,       *  http://www.sentex.net/mike
> Cambridge, Ontario                *  01.519.651.3400
> Canada                            *
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

-- 
 Brian Fundakowski Feldman           /  "Any sufficiently advanced bug is    \
 green@FreeBSD.org                   |   indistinguishable from a feature."  |
     FreeBSD: The Power to Serve!    \        -- Rich Kulawiec               /



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message